Worst Windows flaws of the past decade

The exploits and oversights that left Redmond with egg on its face

Billy Gates, stop making money! Make malware instead.

Bug identifier: MS03-026

Description: Buffer overrun in RPC interface could allow code execution

Alias: The Blaster Worm bug

Date published: July 16, 2003

The DCOM RPC interface is a common component of NT-based Windows OSes, including NT, 2000, XP, and Server 2003. In the summer of 2003, it became the subject of intense scrutiny.

As Microsoft described in the bulletin that accompanied the patch, a successful exploit only required the attacker to send a "specially formed request" to a vulnerable PC -- a bit like dangling candy in front of a ravenously hungry baby.

By August 11, the Blaster worm arrived, and though it spread rapidly, it was fairly easy to block with a firewall.

Unfortunately, protecting home systems with firewalls wasn't common practice at the time. Home users' PCs -- connected directly to the Internet -- got whomped by the worm. When the worm's code crashed the infected computer's RPC service, the computer would display a message warning of imminent shutdown, and unceremoniously reboot itself.

The worm had another message, this one to Microsoft's founder, and embedded within its code: "billy gates why do you make this possible? Stop making money and fix your software!!"

But it was fixed. Or at least it would have been if people had patched their systems.

At the end of the summer, Microsoft released a second set of updates in MS03-039 that blocked additional ports that attackers could use to mess with the RPC service.

Upshot: We're all in better shape thanks to the wide adoption of firewalls in the home. Thanks in part to Blaster and its ilk, most broadband modems have one built in.

That sassy bug has a lot of spunk

Bug identifier: CVE-2003-0533, MS04-011

Description: Stack-based overflow in certain Active Directory service functions in LSASRV.DLL

Alias: The Sasser bug

Date published: April 13, 2004

In yet another example of ironic buffer-overflow goodness, this bug made the security subsystem of Windows the agent of evil itself. And, once again, malicious coders used Microsoft's own patch to figure out exactly where to target the OS.

As Windows XP's gatekeeper, LSASS (Local Security Authority Subsystem) manages the permissions of a PC's user accounts. So when eEye -- the same company that discovered the Code Red bug -- quietly disclosed the details of this flaw to Microsoft in October 2003, it touched off six months of furious coding in Redmond that culminated in a patch that fixed 13 other Windows 98, NT, 2000, XP, and Server 2003 flaws, as well as the LSASS bug.

And, within 18 days, the Sasser worm was cruising the Internet, hopping from one unpatched machine to another. The poorly coded worm wreaked havoc, shutting down networks around the world. Even though a fix was already available, many users -- in particular, corporate IT managers -- still had not applied MS04-011. By May 1, 2004, work on fixing the unintended damage caused by Sasser had become a round-the-clock operation, says then director of the Microsoft Security Response Center, Kevin Kean, with "a number of war rooms and rotating shifts" for MSRC staffers.

Upshot: What was that about patching as soon as the updates are available? Lessons that should have been learned three years earlier didn't really sink in until Sasser publicly pummeled patchless PCs to pulp.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Windows Vistawindows xpWindows 2000windows 98

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

InfoWorld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?